CVE-2020-7769
npm/nodemailer
Injection Vulnerability
Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending emails.
All versions before 6.4.16
Upgrade to version 6.4.16 or above.
2020-11-26
source |